Stephen Haruna's repositories
faraday
Collaborative Penetration Test and Vulnerability Management Platform
Sn1per
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
fuxi
Penetration Testing Platform
comp_arch_list
List of required readings for three-semester course in Computer Architecture at UCU (Principles of Computer Organization, Computer System Architecture, Operating Systems)
dumb-nfuzz
The Dumb Network Fuzzer
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
exploitation-course
Offensive Software Exploitation Course
GTFOBins.github.io
Curated list of Unix binaries that can be exploited to bypass system security restrictions
DeimosC2
DeimosC2 is a Golang command and control framework for post-exploitation.
WitnessMe
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Awesome-Fuzzing
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
sigma
Generic Signature Format for SIEM Systems
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
sof-elk
Configuration files for the SOF-ELK VM, used in SANS FOR572
Mistica
An open source swiss army knife for arbitrary communication over application protocols
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
DetectionLabELK
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
PoC
Proofs-of-concept
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
BloodHound
Six Degrees of Domain Admin
APT-Lab-Terraform
Purple Teaming Attack & Hunt Lab - Terraform
Checklists
Red Teaming & Pentesting checklists for various engagements